Modern organizations find it desirable to find, monitor, and protect sensitive information (e.g., in electronic form)—such as PII, Financial Data, Intellectual Property, and Health data in e-mail. In order to do this, organizations attempt to model both the data that should be protected—as well as the policies that should be applied to the data. For e-mail, administrators attempt to select different scoping mechanism for their policies such as sender identity, recipient identity, and others.
In addition, administrators attempt to select and apply actions such as audit, encrypt, require TLS transmission, etc. Also, administrators try to take policies that are related to a single objective such as regulatory objective and may try to manage them as a single package, even though policies may contain different rules, and enable/disable and test policy in a single action.